
Customizing the AD/LDAP module

You can adjust the module settings in the site administrative interface. Typical customization consists of creating a record describing the corporate server whose directory will be used to look up users and match their groups, setting the server schema parameters, and mapping corporate user groups to site user groups.

Each record covers one directory tree root. If the corporate user groups are stored on several servers, or in several directories (tree roots) on a single server, create a separate record for each of them.

  1. Go to the list of Active Directory / LDAP servers (Administrative section -> AD / LDAP -> Servers)
  2. Click Add to open the new record creation form.
    1. The first group of controls specifies information about the corporate server and the connection settings.

      The settings in this group are:

      • Active: if this box is checked, the record is included in the user profile lookup when a user attempts to log in; otherwise the record is ignored.
      • Name: the name of the record to be created as it will be shown in lists.
      • Description: type here the server description.
      • Mnemonic code: any short mnemonic name for the new record. The mnemonic code can be used as the authorization prefix in the login:

        <mnemonic_code>\<user_login>

        The prefix selects the record that should be used to search for the user profile on the corporate server. This is useful when, for example, a corporate network user has the same credentials (login and password) but several profiles stored on different servers; the mnemonic code then identifies the record, and thus the server and the directory tree root, in which the system searches for the profile used to authenticate the user. The mnemonic code can contain only Latin letters.

      • Server:port: the IP address and the port of the corporate server hosting the user directory. Port 389 is the standard port for LDAP. Note that plain LDAP on port 389 is not encrypted: the administrative credentials entered below, and the passwords of users logging in, cross the network in cleartext unless the connection is protected by LDAPS (port 636) or StartTLS, so check what your server and the module support before pointing a record at a server across an untrusted network.
      • Administrative login: the account used to connect (bind) to the server. Use a dedicated account with read-only access to the user and group entries rather than a domain administrator account: the credentials are stored with the record and are sent to the server on every lookup.
      • Administrative password: the password of that account.
      • Check: click this button once the connection settings are filled in. The module attempts a trial connection to the server with the administrative credentials. If the check succeeds, the server returns the list of directory tree roots it hosts (its naming contexts), from which the Root can then be selected. If the check fails, the page displays the error description in red.
      • Root: select the directory tree root (base DN) under which user profiles are searched when authenticating.
    2. The Server schema group defines how user profiles are stored on the server. The controls in this group are initialised with the standard values for an LDAP or an AD server.
      • Select the server type by clicking the corresponding link in the section title.
      • If the corporate server deviates from the standard schema, change the values in this group to match the server.
    3. The User Group Mapping section loads the corporate user groups and the site user groups into the Assignment Table, where you specify the group mapping.
      • Click Refresh Group List to load the user groups into the table. This also verifies the parameters specified in the other sections.
      • After the list is refreshed, this section displays the Assignment Table. The table entries are drop-down lists.
      • In the Remote server group column, select a corporate network user group; in the adjacent site group column, select the site user group that corresponds to it. A single table row therefore pairs one corporate network user group with one matching site user group.
      • Mapping a corporate group to a site group with administrative rights grants those rights to every member of the corporate group on login, so review the corporate group's membership before doing so.
      • To delete a row from the table, check the Delete box and click Apply.
      • To add more rows to the table, click More.
  3. Click Save to save the changes and return to the list of servers. The new record now appears on the Active Directory/LDAP servers page.

To edit or delete a record, click the appropriate link in the Action column.
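The lookup that these settings parameterize, written out as a runnable model (an added example, not the Bitrix module's own code): parse the <mnemonic_code>\<user_login> prefix, restrict the search to active records, build the user search filter with RFC 4515 escaping, and map the user's corporate groups through the assignment table. ServerRecord, FAKE_DIRECTORY, RECORDS, the default login attribute sAMAccountName, the case-insensitive prefix match and the rule that the first matching active record wins are all assumptions made for the example; the module's real search order and attribute names are whatever the Server schema group says.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field


# Hypothetical model of one server record from the Servers list. The field
# names follow the page; the class itself is not part of the Bitrix module.
@dataclass
class ServerRecord:
    name: str
    mnemonic: str                        # authorization prefix, Latin letters only
    active: bool
    server: str                          # "host:port"
    root: str                            # directory tree root (base DN) chosen after Check
    login_attr: str = "sAMAccountName"   # schema attribute holding the login (assumed default)
    group_map: dict[str, str] = field(default_factory=dict)  # remote group -> site group


MNEMONIC_RE = re.compile(r"[A-Za-z]+")   # "only Latin letters"


def parse_login(raw: str) -> tuple[str | None, str]:
    """Split '<mnemonic_code>\\<user_login>' into (mnemonic, login).

    Without a backslash there is no prefix and every active record is tried.
    Only the first backslash separates; anything after it stays in the login
    and is escaped before it reaches the filter.
    """
    prefix, sep, login = raw.partition("\\")
    if not sep:
        return None, raw
    if not MNEMONIC_RE.fullmatch(prefix):
        raise ValueError("mnemonic code may contain only Latin letters")
    return prefix.lower(), login   # assumption: prefix match is case-insensitive


def select_records(records: list[ServerRecord], mnemonic: str | None) -> list[ServerRecord]:
    """The Active box decides whether a record takes part in the lookup at all;
    the prefix narrows the lookup to the record with that mnemonic code."""
    active = [r for r in records if r.active]
    if mnemonic is None:
        return active
    return [r for r in active if r.mnemonic.lower() == mnemonic]


# RFC 4515 escapes for values interpolated into an LDAP search filter.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape a login before building the filter, so an input such as
    'a)(objectClass=*' cannot rewrite the filter (LDAP filter injection)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(record: ServerRecord, login: str) -> str:
    """The filter that would be sent to record.server under record.root."""
    return f"({record.login_attr}={escape_filter_value(login)})"


def map_groups(record: ServerRecord, remote_groups: list[str]) -> list[str]:
    """Assignment table lookup. A remote group without a row maps to nothing;
    it is never passed through as a site group of the same name."""
    return sorted({record.group_map[g] for g in remote_groups if g in record.group_map})


# Constructed stand-in for the corporate directories: tree root -> login -> group DNs.
FAKE_DIRECTORY = {
    "DC=corp,DC=example": {"jdoe": ["CN=Developers,OU=Groups,DC=corp,DC=example"]},
    "DC=branch,DC=example": {"jdoe": ["CN=Accounting,OU=Groups,DC=branch,DC=example"]},
}


def resolve(records, raw_login, directory=FAKE_DIRECTORY):
    """Return (record name, search filter, site groups) for the first selected
    record whose tree root holds the login, or None if no profile is found.
    The constructed directory is keyed by login, so the filter is built but
    only shown; a real lookup would send it to the server."""
    mnemonic, login = parse_login(raw_login)
    for rec in select_records(records, mnemonic):
        groups = directory.get(rec.root, {}).get(login)
        if groups is not None:
            return rec.name, user_filter(rec, login), map_groups(rec, groups)
    return None


# Constructed records: two active servers plus one that is switched off.
RECORDS = [
    ServerRecord("Head office", "corp", True, "10.0.0.5:389", "DC=corp,DC=example",
                 group_map={"CN=Developers,OU=Groups,DC=corp,DC=example": "Developers"}),
    ServerRecord("Branch", "branch", True, "10.0.1.5:389", "DC=branch,DC=example",
                 group_map={"CN=Accounting,OU=Groups,DC=branch,DC=example": "Accountants"}),
    ServerRecord("Retired", "old", False, "10.0.2.5:389", "DC=old,DC=example"),
]

if __name__ == "__main__":
    print(resolve(RECORDS, "jdoe"))            # no prefix: first active record wins
    print(resolve(RECORDS, "branch\\jdoe"))    # prefix selects the Branch record
    print(resolve(RECORDS, "old\\jdoe"))       # inactive record is ignored
    print(user_filter(RECORDS[0], "a)(objectClass=*"))   # injection attempt neutralised
```

The escaping step is the one to check in any LDAP integration: the login typed into the authorization form is untrusted input that ends up inside a search filter, and the module's own behaviour here is not described on this page.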

© «Bitrix24», 2001-2024